Sr. Specialist Risk Assessment

Base Salary Range: $123833 - $170184

• Assist with the secure design, implementation, and management of security cloud solutions for the City, ensuring the protection of critical data and systems in the cloud environment.
• Conduct security assessments, threat modeling, and architecture reviews of existing cloud architectures, identify cyber security gaps, and recommend solutions to enhance cloud security posture.
• Provide leadership and direction in the research, design, planning, and execution of cloud security initiatives to address emerging threats and trends related to generative/Agentic AI, data usage, access governance, monitoring, and misuse, and advising stakeholders on secure and responsible adoption of AI technologies in cloud environments.
• Provide subject?matter expertise in PCI?DSS compliance within cloud environments, supporting PCI-DSS scoping, control validation, evidence review, and remediation guidance for cloud?hosted payment systems and integrated third?party services.
• Collaborate with cross-functional teams to ensure the secure adoption and operation of secure cloud services, while identifying areas of improvement for ongoing cloud security practices.
• Assist in developing, documenting, and enforcing cloud security policies, standards, and guidelines. Ensure alignment with industry best practices, frameworks, and regulatory compliance requirements through comprehensive security assessments and collaborative discussions
• Assist the technology team in implementing robust security controls in cloud environments, safeguarding against potential cloud-specific vulnerabilities.
• Offer training and mentorship to internal teams, promoting the adoption of cloud security concepts and best practices, including network security and data protection in the cloud.
• Drive alignment between business and technical teams on cloud security priorities and initiatives, ensuring seamless execution of cloud security programs.
• Stay informed on the latest cloud security developments and trends to proactively recommend improvements and ensure the organization remains ahead of potential threats.

• Post-secondary degree in Business or Technology or a related discipline
• Extensive experience in cloud security assessments, threat modeling, and cloud architecture reviews.
• Strong understanding of cloud security frameworks, industry standards, and regulatory requirements (NIST, CSA CCM, CIS, ISO 27001, PCI-DSS etc.).
• Hands-on implementation experience with cloud data platforms.
• In-depth knowledge of cloud platforms, security solutions, and services (AWS, Azure, Google Cloud, etc.).
• Solid understanding of Security Service Edge (SSE), Cloud Access Security Broker (CASB), Cloud Security Posture Management (CSPM), Cloud Native Application Protection Platform (CNAPP) and Cloud Workload Protection Platform (CWPP) tools; knowledge of cloud security frameworks, standards and best practices; and working with cloud IAM and IaaS, PaaS and SaaS native security capabilities.
• Extensive experience with serverless, container hosting and orchestration services.
• Known for your strategic, innovative, systematic thinking and ability to help others through change.
• Strong knowledge of effective security practices in a large, complex environment and awareness of general security-related training requirements within this environment.
• Preferred Certifications (at least two in the list):  CISSP, CCSP, CCSK, TOGAF, ISO 27001 LA, or CRISC

• Ability to work in transformative programs.
• Ability to lead efficient communication between all project stakeholders, including internal teams and clients.
• Ability to achieve business objectives through influencing and effectively working with key stakeholders.
• Excellent written & verbal communication skills (comfortable & confident communicating at all levels including business partners, leadership and vendors.
• Excellent problem-solving skills with capability to identify solutions to unusual and complex problems.
• Keen attention to detail and strong organizational skills.
• Highly organized, proactive, self-motivated team player who takes initiative and is able to work independently.
• Ability to work in a fast-paced environment managing multiple priorities with proven time management skills.
• Strong analytical skills and ability to prioritise and multitask.
• Ability to prioritize and effectively manage competing priorities and projects.
• Ability to manage multiple initiatives while adhering to strict deadlines.
• Able to work extremely well under pressure while maintaining a high level of professionalism.
• Self-motivated person with desire to go above and beyond tasks.
• Transferable skills, like communication and decision-making, are equally important.
• Being able to think on your feet and show good judgment are especially valuable in this field. “Security pros should always be ready to react to cyber-related incidents quickly.